Prototype Pollution in node.extend

2019-02-0718:17:34

CWE-400

GitHub Advisory Database

github.com

0.004 Low

EPSS

Percentile

73.2%

Versions of node.extend before 1.1.7 or 2.0.1 are vulnerable to prototype pollution.

Recommendation

Update to version 1.1.7, 2.0.1 or later.

CPENameOperatorVersion
node.extendeq2.0.0
node.extendlt1.1.7

CPE	Name	Operator	Version
	node.extend	eq	2.0.0
	node.extend	lt	1.1.7

github.com/advisories/GHSA-r96c-57pf-9jjm

hackerone.com/reports/430831

nvd.nist.gov/vuln/detail/CVE-2018-16491

www.npmjs.com/advisories/781

0.004 Low

EPSS

Percentile

73.2%

Related for GHSA-R96C-57PF-9JJM